(54) Data communication system using public keys



(57) A data communications system is described in which messages are processed using public key cryptography with a private key unique to one or more users (150) under the control of a portable security device (120), such as a smart card, held by each user, the system comprising a server (130) for performing public key processing using the private key. The server (130) stores, or has access to, the private key for the, or each, user in encrypted form only. The private key is encrypted with a key encrypting key and each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130). The server comprises secure means (360) to retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing using the decrypted private key, and delete the decrypted private key after use.







EP 0 725 512 A2




Description 

The invention relates to data communications systems and, more particularly, to the secure processing of messages therein using public key cryptography. The invention finds particular, though not exclusive, application to the generation of digital signatures.

Public key cryptographic algorithms are widely used to certify the origin of, or ensure the security or integrity of, messages in data communications systems. Various types of such algorithms exist, of which one well known variant is the RSA algorithm. A general introduction to public key cryptography and the RSA algorithm can be found in Meyer and Matyas, 'Cryptography - A New Dimension in Computer Data Security', pages 32 - 48, Wiley 1982. These algorithms have some distinct advantages over the more traditional symmetric key algorithms. In particular, they provide the ability for a key to be published or certified so that any independent third party can receive and verify a message without reference to a central authority.

One example of the use of public key cryptography in data communications is in the generation of digital signatures. The principle behind these techniques is the creation of a public digital value - the signature - which depends on a message to be transmitted and the signing user, so the receiving user can be sure that the sending user, and no other user, could create the signature value and that the user created the signature value for this message and no other.

In such systems, the party signing a message has a private key for which there exists a corresponding public key. The public key is available so that anyone can use it to decrypt data which the signer encrypts using the private key, but no-one can create such encrypted data without access to the private key.

Typically the signer produces a hash value from the message using a strong hash algorithm, such that the chance of another message resulting in the same value is extremely low. The means of calculating this value is public knowledge but there is no feasible way to determine a different message which results in the same value. The signer encrypts the value using the private key, and sends the message and the encrypted value to the recipient.

The recipient can use the public key to decrypt the value, and can test whether the calculation on the message produces the same value. If it does, this satisfies the recipient that the message was the one signed because there is no feasible way to calculate another message which produces the same value. The recipient can also be sure that the signer did indeed sign the message because no-one can create the encrypted value without access to the private key.

However, such public key encryption schemes are computationally intensive and demand substantially higher computing resources, such as processing power and memory requirements, for encryption and decryption than symmetric key schemes.

In many applications of public key cryptography to data communications, the message must be processed under the control of a portable security device, such as a smart card, PCMCIA card or laptop computer, carried and presented by a user. Whilst methods have been proposed to enable messages to be signed with much less computational effort than they can be verified, such as in the US Department of Commerce/National Institute of Standards and Technology (NIST) Digital Signature Standard published in Federal Information Processing Standard (FIPS) 186, May 19 1994, the situation remains that, using current technology, in many cases it is not practical or cost-effective to provide such portable security devices with the necessary processing power or memory to perform sufficiently strong public key processing in an acceptable time.

Various methods have been proposed in the prior art to enable such a security device to perform the public key processing with the aid of a powerful server computer, without requiring the security device to reveal the secret key to the server. Examples of these techniques can be found, for example, in: Laih et al, 'Two efficient server-aided secret computation protocols based on the addition sequence', Advances in Cryptology - Asiacrypt '91 Proceedings, 1993, pp 450-459.

Whilst these methods go some way to alleviating the problem, they suffer from several disadvantages inherent in storing the secret key on a portable and low cost device.

First, it is possible the device may be probed to obtain the secret key.

Secondly, if the signer's private key is compromised, a different user might use it to process messages. In this circumstance, a means is required to revoke the secret key so the unauthorised user can no longer use it. Since the security devices are not connected to the system at all times and could be reconnected to the system at any point, withdrawing or preventing use of the secret keys is, in practice, very difficult. Typically this has been achieved using various types of user blacklists. However, there are many practical difficulties associated with controlling, updating and verifying the authenticity of such lists, particularly over widespread networks.

Furthermore, since some smart card implementations which make use of public key algorithms for signing purposes cannot generate the user's public and private key pair within the smart card, there are potential security exposures when the key is initially loaded into the security device. This is because the key generation algorithm is quite complex, more so than the encryption and decryption functions. Therefore if it is required to store the secret key on the card then it may also be required to generate the secret key off the card and to enter it onto the card during an initialisation process. This initialisation process inevitably exposes the key to some degree.
This invention is directed to the problem of providing a secure method of enabling messages to be processed using public key processing on behalf of the authorised holder of a portable security device such as a smart card, in such a manner that it can be shown that only the authorised holder of the security device could have authorised the processing of a particular message, without requiring the public key algorithm to be performed by the security device, without having to store the private key in the security device and without requiring the key generation process to be performed by the security device.

To solve this problem the invention provides a communications system in which messages are processed using public key cryptography with a private key unique to one or more users under the control of a portable security device held by the, or each, user, the system comprising a server for performing public key processing using the private key, the server being adapted for data communication with the portable security device, characterised in that the server comprises, or has access to, data storage means in which is stored in a secure manner the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user.

A secure server is therefore provided to perform the public key algorithm. However, the server has access only to an encrypted form of the private key. A portable security device controls the public key processing by providing the server with a key to enable the server to decrypt the private key, use it, and delete the private key after use.

The secure communication of the key encrypting key to the server can be accomplished in a number of ways. In preferred embodiments, the key encrypting key is encrypted using a key derived from a second key encrypting key stored in the security device for transmission between the security device and the server, and the server has access to the second key encrypting key. In this way communication of the key encrypting key to the server is secured by cryptographic means. In other embodiments appropriate physical security of the communication channel between the security device and the server could be used.




Similarly, there are a number of ways of ensuring that the server can only use the key encrypting key to process the message provided by the user. In preferred embodiments, the key encrypting key is cryptographically associated with a message to be processed and the secure processing means comprises means to verify the association of the key encrypting key with the message and is arranged only to make use of the key encrypting key to process that message. Again, in other embodiments appropriate physical security might be provided to ensure this.

In one embodiment, the security device can encrypt the key encrypting key for transmission to the server using a key derived from the message to be signed, thereby cryptographically associating the key encrypting key with the message. The server comprises secure means for extracting the key from the message and decrypting the key encrypting key. In this way, data transmitted by the security device can be used to decrypt the secret key for the original message only. It is not possible to intercept the transmission to the server and substitute the message for one not authorised by the user.

It will be appreciated that there are many other ways of cryptographically binding the key encrypting key and the message. For example, a message authentication code which could be verified by the server might be derived from a combination of the message and the key.

In one embodiment of the invention, the key encrypting key is stored in the security device as a reversible function of a password or PIN, the security device comprising means to receive the password from the user and being able to recover the key encrypting key using the reversible function. This arrangement ensures that the data stored in a lost or stolen security device is not sufficient to enable a message to be generated which will permit the server to obtain access to the secret key.

For convenience, the key encrypting key can be a one-way function of the private key. In this case, the server can check the recovered value of the private key by deriving therefrom the key encrypting key and comparing the derived value thereof with the value received from the security device.

In further embodiments of the invention, the key encrypting key can be a reversible function of a key stored in the security device and a random number, the server comprising means to provide the random number to the security device on request.

Preferably, in such embodiments, the server is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user.

The use of a random number ensures that the process makes use of a new key value for each transaction even if the messages are identical, thereby improving security still further.

The invention also provides a portable security device, which can be a smart card, and a server for use in such a system.

Viewed from another aspect, the invention also provides a method for processing messages using public key cryptography with a private key unique to one or more users under the control of a portable security device held by the, or each, user, in a system comprising a server for performing public key processing using the private key, in which system the server is adapted for data communication with the portable security device; characterised by the steps of:

(a) storing in the server, or providing the server with access to, the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key;

(b) storing or generating in the security device the key encrypting key and providing the key encrypting key to the server in a manner such that at least the key encrypting key is secure in communication to the server; and,

in a secure environment in the server:

(c) receiving a message to be processed specified by the user;

(d) retrieving the encrypted private key for the user;

(e) verifying that the message was that specified by the user;

(f) decrypting the private key using the key encrypting key;

(g) performing the public key processing for the message using the decrypted private key; and

(h) deleting the decrypted private key and the key encrypting key after use.

Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, wherein:

Fig 1 shows a communications system;

Fig 2 illustrates the generation of a digital signature;

Fig 3 is a schematic diagram showing a simple first embodiment of the invention;

Figs 4a and 4b illustrate processes carried out in the smart card and server in the first embodiment;

Fig 5 illustrates enhancements to the system of Fig 3;

Figs 6a and 6b illustrate processes carried out in the smart card and server in the enhanced first embodiment;

Fig 7 is a schematic diagram illustrating a second embodiment of the invention;

Fig 8 illustrates the process carried out in the smart card in the second embodiment of the invention;

Fig 9 illustrates the process carried out in the server in the second embodiment;

Fig 10 is a schematic diagram showing the initialisation procedures for the second embodiment;

Fig 11 is a flow diagram illustrating the initialisation procedures for the second embodiment.

Referring to Figure 1, there is shown a communications system which comprises communications network 100 which may be any conventional type of local area network (LAN) or wide area network (WAN) or any combination of the two. Connected to the communications network 100 is workstation 110 incorporating a smart card reader for operating in conjunction with smart card 120. Also connected to network 100 are server computer 130 and an intended recipient of a message, shown for the sake of example as mainframe computer 140. Workstation 110 could, for instance, be a point of sale terminal at a retail outlet. Smart card 120 is in the possession of user 150. The system is arranged so that user 150 can certify a message, such as a debit instruction for the user's account, generated in workstation 110 using a digital signature. The generation of the digital signature in the system is performed by server 130 under the control of smart card 120.

In the following, the notation E_KEY(A) will be used to indicate the quantity A encrypted using a key KEY. This notation will be used for both public key and symmetric cryptographic algorithms. The symbol + represents an invertible combination such as an XOR operation or addition or multiplication mod p, where p is a non-secret prime number.

It will be understood from what follows that, whilst in these embodiments server 130 is assumed, for clarity, to be a separate computer from workstation 110, the function of server 130 could equally be performed by a process running in workstation 110 or in mainframe computer 140. Furthermore, whilst the embodiments are, for clarity, described in terms of a single server 130, it is envisaged that other embodiments may include a plurality of such servers.

Figure 2 illustrates a simple example of the principles behind the creation and use of digital signatures using public key cryptography. It will be understood that this type of digital signature is only one among many techniques for the generation of digital signatures using public key cryptography, any of which may equally be employed in other embodiments of the invention.

Fig 2 shows two users who wish to communicate with each other and to be sure of the identity of the other. Each user has a public and private key pair PK and SK. Each user shares their public key with each other user. Normally, each user would keep secret their respective private key but the public keys would be available for whoever wished to communicate with them.

Suppose user A wishes to send a message MSG to user B over a data communications network. A digital signature is generated from the message by first generating a hash value of the message using a strong hashing function, of which there are many known types. An example of a strong hash algorithm suitable for use in calculating digital signatures is described in US-A-4,908,861. The particular hashing function involved is assumed to be known to B. This hash value is then encrypted using the secret key of A to generate a digital signature E_SKa(Hash(MSG)). The message is then transmitted to user B along with the digital signature. User B can verify the authenticity of the message by decrypting the digital signature using the public key PKa and comparing the value obtained with a hash value obtained from the message.

In practice, the integrity of the public keys PKa would be certified by a third party whose role would be to certify keys. This would serve to satisfy B that PKa was indeed the public key associated with A and not with anybody else. Such certification and distribution of public keys is well known in the art and will not be further described herein. A discussion of these certificates can be found in CCITT Recommendation X.509 Directory Services (1988).

Figure 3 is a schematic diagram showing the operation of a simple first embodiment of the invention. Such an embodiment would be useful if the communications between the smart card and the server is separately secured by, for example, either physical or cryptographic means so that the keys and messages exchanged are protected. A variety of means are known to the art, such as the use of secure cabling, or the use of data encryption and authentication. In such a high security environment, the smart card would act as an additional control over the use of the server.

Server 130 includes a secure cryptographic environment 360, such as that provided by the IBM 4755 cryptographic adapter, and a disk storage device 350. The IBM 4755 cryptographic adapter stores cryptographic values securely on the storage device 350 under the protection of an encryption key, the local Master Key held within the secure cryptographic environment 360. The IBM 4755 cryptographic adapter provides an encapsulated and tamper-resistant hardware environment for performing such cryptographic tasks under the control of microcode resident therein. It is described in more detail in IBM Systems Journal Vol 30, No 2, 1991, pp 206-229.

The secret keys SK associated with a number of users A, B, C, D are stored securely in storage device 350 in encrypted form. They are encrypted using a conventional symmetric cryptographic algorithm, such as the well known DES algorithm, using a user-specific key KEY. The user-specific key for user A, denoted KEYa, is stored in storage 370 in smart card 120 along with information identifying the user - designated A in Fig 3 - which will enable the corresponding encrypted secret key to be retrieved from storage device 350.

The process carried out by smart card 120 is illustrated in Fig 4a. When user A wishes to send a message MSG and an associated digital signature, smart card 120 generates a hash value H of message MSG in step 480 and encrypts in step 481 user-specific key KEYa using a conventional symmetric algorithm, such as DES, with the hash value H as the key. This encrypted value of the key is sent along with the message and the information identifying the user across the network to server 130 in step 482.

The process carried out by server 130 is illustrated in Fig 4b. Server 130 regenerates the hash value H from the message in step 491 and decrypts the user-specific key KEYa in step 492. This KEYa is used in the secure environment to decrypt and temporarily store the decrypted value of the secret key of the user SKa in step 493. This decrypted secret key is then used within the secure environment 360 to generate the digital signature for the message in step 494, which is then either sent out directly by server 130 to the intended recipient of the message, or returned to smart card 120 for subsequent transmission. Finally, KEYa, the message, the hash value and SKa are erased within secure environment 360 in step 495.

Since the server is provided with secure cryptographic environment 350 and can therefore be controlled, assurance can be provided that the secret key SKa was used to sign only the original message, and that the message, its hash value H, SKa and KEYa have indeed been erased. The property of non-repudiation has therefore been preserved. Furthermore, server 130 can be maintained on-line in a systems management environment. If it is desired to rescind the ability of user 150 to generate digital signatures this can be easily achieved by deleting the encrypted value of SKa from storage 350. No access is required to the contents of smart card 120, which might not be physically available at the time it is desired to rescind this authority.

Fig 5 is a schematic diagram illustrating an enhanced version of the first embodiment of the invention. The mode of operation illustrated in Fig 3 is modified in a number of ways.

First, user 150 has a Personal Identification Number (PIN) which is used to ensure that only user 150 can make use of smart card 120. This is achieved in this embodiment by arranging the system so that the key with which the user's secret key is encrypted when stored in server 130 is a combination, in this embodiment an XOR function denoted by +, of data stored on the card, represented as PKREVa in Fig 5, and the PIN, PINa in Fig 5. The authenticity of the PIN can be checked by the smart card by storing therein a value which is a one way function - in this case a strong hash - of the PIN. In this way, the PIN can be checked by regenerating the hash of the PIN supplied by the user and checking this against the value stored in the card. This is illustrated by process 410 of Fig 5.

PKREVa is a reversible function of the PIN and a one-way function - in this case a strong hash - of the user's secret key SKa. This one way function of the user's secret key is denoted KOWFa in Fig 5. The reversible function can, for example, be a combination such as an XOR operation, or addition or multiplication mod p, where p is a non-secret prime number. In this way, the one-way function of the secret key KOWFa can be recovered using PINa. Note that using this approach the user may change his PIN without reference to the server. This can be done by the smart card using PKREVa with the old and new PINa to recalculate a new value of PKREVa using the following relation:

PKREVa(old) + PINa(old) + PINa(new) = PKREVa(new)

The process carried out in smart card 120 is illustrated in Fig 6a. When user A wishes to sign a message MSG, the PIN and the message are provided to the smart card, which generates a hash value H of the message in step 690 and combines this with the data stored on the card KCARa in step 691 to form a transient, but complete, key encrypting key which is valid for one message only. The smart card also recovers KOWFa from PINa and PKREVa in step 692 and enciphers KOWFa in step 693 using the transient key encrypting key derived from the message and KCARa. Note that the smart card stores neither the PIN nor the key used to encrypt the secret key. Therefore, disclosure of the data stored on a lost or stolen smart card does not enable use of the secret key.

Smart card 120 creates a request 440 containing information identifying the user A, the enciphered value of KOWFa and the message. Request 440 is transmitted to server 130 over the network in step 694.

The process carried out in server 130 is illustrated in Fig 6b. Server 130 receives the request either immediately or at some future time, generates a hash value H of the message in step 695, regenerates the transient key from the message hash value H and KCARa in step 696, which has been retrieved in encrypted form from storage 350 and decrypted into clear form. The transient key is used to recover KOWFa in step 697 and, in turn, KOWFa is used to recover the user's secret key SKa in step 698.

The values KCARa, KCARb etc are stored in storage device 350 with confidentiality since otherwise they might be used to decrypt SKa by an adversary having intercepted transmission 440.

In addition, the validity of the recovered value of SKa is checked by using the one way function to generate KOWFa from the recovered secret key and comparing this value with the value of KOWFa recovered from request 440.

The recovered value of SKa is used within the secure cryptographic environment to generate the digital signature in step 699 in the manner described above. As before, the recovered values of SKa and other keys are erased from the secure cryptographic environment 360 after use in step 700.

Again, since server 130 includes the secure cryptographic environment 360 and is controlled, assurance can be provided that only the original message was signed and that the secret key has indeed been erased from within the secure cryptographic environment 360. If it is desired to rescind the ability of user 150 to generate digital signatures this can be achieved by deleting either the encrypted value of SKa or KCARa from storage 350.
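The simple first embodiment (Figs 4a, 4b) and its enhanced form (Figs 5, 6a, 6b) above, modelled in Python as an added example that is not code from the patent. It runs the card side and the server side of the enhanced protocol, including the PIN check, the message-bound transient key, the KOWFa validity check, the PIN change relation and revocation by deleting the stored key. Assumed stand-ins: SHA-256 for the strong hash, XOR for '+', X XOR SHA-256(K) in place of DES as E_K(X), a hashed 32-byte expansion of the PIN as the PINa operand, and a deliberately tiny RSA key pair for the public key step; all function and dictionary names are the example's own.

```python
"""Enhanced first embodiment (Figs 5, 6a, 6b) modelled end to end.
Added example, not the patent's own code.  Assumptions: SHA-256 stands in for
the unspecified strong hash, '+' is XOR over 32-byte values, E_K(X) is modelled
as X XOR SHA-256(K) in place of DES, the PIN is expanded to a 32-byte operand by
hashing, and the public key algorithm is a deliberately tiny, insecure RSA toy.
"""
import hashlib

def H(data: bytes) -> bytes:
    """Strong one-way hash (steps 690/695) and the one-way function behind KOWFa."""
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    """The invertible combination '+' of the patent, here XOR of 32-byte values."""
    return bytes(x ^ y for x, y in zip(a, b))

def E(key: bytes, value: bytes) -> bytes:
    """E_KEY(value) for one 32-byte block; self-inverse, so it also decrypts."""
    return xor(value, H(key))

def pin_value(pin: str) -> bytes:
    """32-byte operand PINa derived from the user's PIN (constructed expansion)."""
    return H(b"PIN:" + pin.encode())

# Constructed toy RSA key pair for user A (far too small for real use).
P, Q, PUB_E = 1000000007, 998244353, 65537
N = P * Q
SKa = pow(PUB_E, -1, (P - 1) * (Q - 1)).to_bytes(32, "big")   # secret key SKa
PKa = (N, PUB_E)

def sign(sk: bytes, msg: bytes) -> int:
    """E_SKa(Hash(MSG)) of Fig 2 with the toy RSA: hash, reduce mod N, exponentiate."""
    return pow(int.from_bytes(H(msg), "big") % N, int.from_bytes(sk, "big"), N)

def verify(pk: tuple, msg: bytes, sig: int) -> bool:
    n, e = pk
    return pow(sig, e, n) == int.from_bytes(H(msg), "big") % n

KOWFa = H(SKa)                              # one-way function of SKa (Fig 5)
KCARa = H(b"constructed card key A")        # second key encrypting key, on card and server

def make_card(user_id: bytes, pin: str) -> dict:
    """Storage 370 of smart card 120: neither the PIN nor KOWFa is stored."""
    pina = pin_value(pin)
    return {"id": user_id, "POWFa": H(pina), "PKREVa": xor(KOWFa, pina), "KCARa": KCARa}

# Storage 350: SKa only in encrypted form, KCARa held with confidentiality.
SERVER_STORE = {b"A": {"E_SKa": E(KOWFa, SKa), "KCARa": KCARa}}

def card_sign_request(card: dict, pin: str, msg: bytes):
    """Fig 6a: process 410 then steps 690-694. Returns request 440, or None."""
    pina = pin_value(pin)
    if H(pina) != card["POWFa"]:              # process 410: check hash of the PIN
        return None
    h = H(msg)                                # step 690
    transient = xor(h, card["KCARa"])         # step 691: key valid for this message only
    kowfa = xor(card["PKREVa"], pina)         # step 692: recover KOWFa from PIN
    return {"id": card["id"], "E_KOWFa": E(transient, kowfa), "msg": msg}   # 693-694

def server_sign(store: dict, req: dict):
    """Fig 6b: steps 695-700 inside secure environment 360. Signature or None."""
    entry = store.get(req["id"])
    if entry is None:                         # unknown or revoked user
        return None
    h = H(req["msg"])                         # step 695
    transient = xor(h, entry["KCARa"])        # step 696
    kowfa = E(transient, req["E_KOWFa"])      # step 697
    ska = E(kowfa, entry["E_SKa"])            # step 698
    if H(ska) != kowfa:                       # validity check of the recovered SKa;
        return None                           # a substituted message fails here
    sig = sign(ska, req["msg"])               # step 699
    del ska, kowfa, transient, h              # step 700: erase clear values
    return sig

def change_pin(card: dict, old_pin: str, new_pin: str) -> bool:
    """PKREVa(old) + PINa(old) + PINa(new) = PKREVa(new); no server involvement."""
    if H(pin_value(old_pin)) != card["POWFa"]:
        return False
    card["PKREVa"] = xor(xor(card["PKREVa"], pin_value(old_pin)), pin_value(new_pin))
    card["POWFa"] = H(pin_value(new_pin))
    return True

def revoke(store: dict, user_id: bytes) -> None:
    """Rescind signing authority without touching the card: delete E_SKa/KCARa."""
    store.pop(user_id, None)

if __name__ == "__main__":
    card = make_card(b"A", "1234")
    req = card_sign_request(card, "1234", b"constructed debit instruction")
    sig = server_sign(SERVER_STORE, req)
    print("signature verifies:", verify(PKa, req["msg"], sig))
    forged = dict(req, msg=b"substituted message")        # intercept and substitute
    print("substituted message rejected:", server_sign(SERVER_STORE, forged) is None)
```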

Fig 7 is a schematic diagram illustrating a second embodiment of the invention. In this embodiment smart card 120 associated with user A stores two key encrypting keys KEK1a and KCARa. Server 130 stores KCARa and one of a series of random numbers RNxa along with the encrypted form of the user's secret key. In this embodiment, the key used to encrypt the user's secret key is a combination of KEK1a with RNxa - denoted KEK1a + RNxa in Fig 7.

The process carried out by smart card 120 in this embodiment of the invention is illustrated in Fig 8. As before, a user 150 prepares a message MSG to be signed using their corresponding secret key SKa. User 150 has a PIN - denoted PINa in Fig 7 - which is entered and provided to smart card 120 via a suitable interface (for example a keyboard, not shown). As before, smart card 120 authenticates user 150 by generating a hash of PINa and comparing this with a stored value POWFa using process 410.

In step 880, smart card 120 sends a message to server 130 indicating that a message is to be signed. Server 130 responds by providing a current one of a series of random numbers RNxa to smart card 120.

Smart card 120 generates a hash value H of the message MSG in step 881 and then calculates the key H + KCARa in step 882. The value KEK1a + RNxa is calculated in smart card 120 in step 883 and encrypted in step 884 using the key H + KCARa.

Smart card 120 then passes a request containing card id ICARa, the encrypted value of KEK1a + RNxa, and the message over the network to server 130 in step 885. Id ICARa enables the server to locate the keys associated with user A. The protocol could also include the passing of RNxa back to server 130 which would allow a consistency check to be performed.

The process carried out in server 130 is illustrated in Fig 9. In step 886, server 130 regenerates the hash value H from the message and computes the key H + KCARa in step 887. Using this key, server 130 recovers KEK1a + RNxa in step 888 by decrypting E_KCARa+H(KEK1a + RNxa) with KCARa + H and recovers the user's secret key SKa in step 889 by decrypting E_KEK1a+RNxa(SKa) with KEK1a + RNxa. The message is then signed as before in step 890.

Server 130 then calculates KEK1a in step 891 by recombining a securely stored value of RNxa with KEK1a + RNxa. A new random number RN(x+1)a is then generated in step 892 for use in the next invocation of the algorithm. RN(x+1)a is combined with KEK1a in step 893 and used to reencrypt the user's private key in step 894 prior to storage in storage device 350 in step 896. RN(x+1)a is also stored securely in storage device 350, replacing RNxa. The clear value of KEK1a in secure environment 360 is then deleted in step 895, along with the clear value of the user's private key SKa, KEK1a + RNxa and KEK1a + RN(x+1)a.

This arrangement prevents the authorization quantity E_KCARa+H(KEK1a + RNxa), along with the message MSG, being used to generate another digital signature by extracting the variant key KEK1a + RNxa.

Fig 10 is a schematic diagram showing the initialisation procedures used in the embodiment of Fig 7.

The initialisation process carried out is illustrated in Fig 11. Server 130 generates in step 751 the following cryptographic keys for user A:

1 First key encrypting key KEK1a

2 Second key encrypting key KCARa

3 A public and private key pair, PKa and SKa, for use with the public key algorithm.

Having generated the keys, server 130 provides KEK1a and KCARa to smart card 120 in step 752. Server 130 then causes PKa and SKa to be initialised within the cryptographic system by requesting appropriate certificates for PKa and making PKa available throughout the network (not shown).

Server 130 then generates a random number
RN1a in step 753 and combines this with KEK1a in step
754 to produce a variant key KEK1a + RN1a. SKa is
then encrypted in step 755 using the variant key to form
the encrypted quantity E KEK1a+RN1a (SKa).

A PIN for user A, PINa, is generated in step 756
along with a hash value POWFa in step 757. PINa is
provided to user A in step 758, e.g. by post, and POWFa
is stored on smart card 120 along with user identification
data ICARa in step 759.

KCARa, RN1a and E KEK1a+RN1a (SKa) are stored
securely in storage 350 in step 760 and the clear values
of SKa, KCARa, KEK1a and their derivatives are erased
from the secure cryptographic environment 360 in step
761.
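The Fig 11 initialisation (steps 751 to 755) and the Fig 9 server processing (steps 886 to 896) described above, as an added Python model that is not part of the patent: the key combination "+" is taken as XOR, the encryption E is a constructed HMAC-based toy cipher with an integrity tag so that a wrong key is detected, and an HMAC stands in for the RSA signing operation; all keys and the message are constructed. The last function also shows why replacing RNxa with RN(x+1)a after each use defeats reuse of a captured authorization quantity E KCARa+H (KEK1a + RNxa) together with MSG.

```python
import hashlib, hmac, secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # '+' in KEK1a + RNxa modelled as XOR (assumption)

def seal(key: bytes, data: bytes) -> bytes:     # E_key(data): one-block keystream plus tag (toy cipher)
    ct = xor(data, hmac.new(key, b"stream", hashlib.sha256).digest())   # data is <= 32 bytes here
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:   # the tag makes a wrong key an error, not garbage
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("key does not match stored ciphertext")
    return xor(ct, hmac.new(key, b"stream", hashlib.sha256).digest())

class Card:                                     # smart card 120: holds KEK1a and KCARa, never SKa
    def __init__(self, kek1, kcar):
        self.kek1, self.kcar = kek1, kcar
    def authorize(self, msg, rnx):              # E_{KCARa+H}(KEK1a+RNxa); RNxa is supplied by the server
        h = hashlib.sha256(msg).digest()
        return seal(xor(self.kcar, h), xor(self.kek1, rnx))

class Server:                                   # server 130: stores KCARa, RNxa, E_{KEK1a+RNxa}(SKa)
    def __init__(self, kcar, kek1, sk):
        self.kcar, self.rnx = kcar, secrets.token_bytes(32)   # step 753: RN1a
        self.enc_sk = seal(xor(kek1, self.rnx), sk)           # steps 754-755
    def sign(self, msg, auth):
        h = hashlib.sha256(msg).digest()                      # step 886
        variant = unseal(xor(self.kcar, h), auth)             # steps 887-888: recover KEK1a+RNxa
        sk = unseal(variant, self.enc_sk)                     # step 889: SKa in clear
        sig = hmac.new(sk, msg, hashlib.sha256).digest()      # step 890: HMAC stands in for RSA signing
        kek1 = xor(variant, self.rnx)                         # step 891: recover KEK1a
        self.rnx = secrets.token_bytes(32)                    # step 892: RN(x+1)a replaces RNxa
        self.enc_sk = seal(xor(kek1, self.rnx), sk)           # steps 893-896: re-encrypt SKa and store
        del sk, kek1, variant                                 # step 895: delete the clear values
        return sig

def run_protocol():
    kek1, kcar, sk = (secrets.token_bytes(32) for _ in range(3))   # step 751, constructed keys
    card, server = Card(kek1, kcar), Server(kcar, kek1, sk)
    msg = b"constructed message to be signed"
    auth = card.authorize(msg, server.rnx)
    sig1 = server.sign(msg, auth)
    try:                                        # replay of the captured authorization and MSG
        server.sign(msg, auth)
        replay_accepted = True
    except ValueError:
        replay_accepted = False                 # stored SKa is now under KEK1a+RN(x+1)a
    sig2 = server.sign(msg, card.authorize(msg, server.rnx))  # a fresh authorization still works
    return sig1, replay_accepted, sig2
```

The two signatures are equal because the same SKa is recovered in both rounds, while the replayed authorization is rejected by the integrity tag once RNxa has been rolled.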

In embodiments in which there exist in the system
more than one server 130 capable of performing pub-
lic key processing on behalf of user 150, and when it is
desired to distribute SKa to each additional server node,
the following process can be performed when the server
360 has SKa in a clear form, which is at the time of gen-
eration of SKa and whenever the user provides a mes-
sage to be digitally signed to the server. At this time the
server having possession of the clear value of SKa will
create an additional RNxa value for the extra server
node and prepare an extra enciphered copy of SKa us-
ing the same process 892, 893, and 894, as is used to
obtain a local newly enciphered SKa value. Then the
server node will send the additional value of RNxa and
KCARa, with confidentiality, along with the related enci-
phered value of SKa to the additional node. All extra val-
ues of RNxa and associated enciphered values of SKa
are destroyed within the server at the conclusion of this
process.

This process will ensure that each additional server
node can operate independently with the user with the
preservation of the property of non-repudiation.

It will be understood that secure methods exist for
distributing cryptographic keys such as KEK1a, KCARa
and SKa between secure cryptographic servers within
a network.


Claims 

1. A communications system

in which messages are processed using public
key cryptography with a private key (SKa)
unique to one or more users (150) under the
control of a portable security device (120) held
by the, or each, user,

the system comprising:

a server (130) for performing public key
processing using the private key;

the server (130) being adapted for data com-
munication with the portable security device
(120);

characterised in that

the server (130) comprises, or has access to,
data storage means in which is stored in a se-
cure manner the private key for the, or each,
user in encrypted form only,

the private key being encrypted with a key en-
crypting key (KEYa; KOWFa; KEK1a + RNxa),

the server comprising secure processing
means (360) to receive a message to be proc-
essed from the user, retrieve the encrypted pri-
vate key for the user, decrypt the private key
using the key encrypting key, perform the public
key processing for the message using the de-
crypted private key, and delete the key encrypt-
ing key and decrypted private key after use,

and in that each security device (120) compris-
es means for storing or generating the key en-
crypting key and providing the key encrypting
key to the server (130) and means for specify-
ing a message to be processed,

the system being arranged so that communica-
tion of at least the key encrypting key to the
server is secure and so that the server can only
use the key encrypting key to process the mes-
sage specified by the user.

2. A system as claimed in claim 1 wherein the key en-
crypting key is encrypted using a key derived from
a second key encrypting key (KCARa) stored in the
security device (120) for transmission between the
security device and the server, the server (130)
comprising, or having access to, data storage
means in which the second key encrypting key is
stored in a secure manner, whereby communication
of the key encrypting key to the server is secure.

3. A system as claimed in claim 1 or claim 2 wherein
the key encrypting key is cryptographically associ-
ated with a message to be processed, the secure
processing means comprising means to verify the
association of the key encrypting key with the mes-
sage and being arranged only to make use of the
key encrypting key to process that message.

4. A system as claimed in claim 3 wherein the security 
device comprises means to encrypt the key en- 
crypting key for transmission to the server using a 
key derived from the message to be signed, the 
server comprising secure means (360) for generat- 
ing the key from the message and decrypting the 
key encrypting key. 

5. A system as claimed in any preceding claim wherein
the key encrypting key is stored in the security de-
vice as a reversible function of a password (PINa),
the system comprising means to receive from the
user (150), and provide to the security device, the
password, the security device comprising means to
recover the key encrypting key using the reversible
function.

6. A system as claimed in any preceding claim wherein
the key encrypting key (KOWFa) is a one-way func-
tion of the private key, the server comprising means
to check the recovered value of the private key by
deriving therefrom the key-encrypting key and com-
paring the derived value thereof with the value re-
ceived from the security device.

7. A system as claimed in any preceding claim wherein
the key encrypting key is a reversible function of a
key stored in the security device (KEK1a) and a ran-
dom number (RNxa), the server (130) comprising
means to provide the random number to the secu-
rity device (120), wherein the server (130) is ar-
ranged to reencrypt the private key each time it is
used using a new random number and to provide
the new random number to the security device the
next time it is required to perform public key
processing for a user.


8. A portable security device for use in a communica-
tions system as claimed in any preceding claim, the
portable security device (120) being adapted to
communicate data to a server and comprising
means for storing or generating the key encrypting
key and providing the key encrypting key to the
server (130).

9. A portable security device as claimed in claim 8 in
the form of a smart card.

10. A server for use in a communications system as
claimed in any of claims 1 to 7, the server (130) be-
ing adapted for data communications with a porta-
ble security device and comprising, or having
means to access, secure storage means (350) in
which the private key for the, or each, user is stored
in encrypted form only, the private key being en-
crypted with a key encrypting key, the server com-
prising secure means (360) to retrieve the encrypt-
ed private key for the user, decrypt the private key
using the key encrypting key, perform the public key
processing using the decrypted private key, and de-
lete the decrypted private key and the key encrypt-
ing key after use.

11. A method for processing messages using public key
cryptography with a private key (SKa) unique to one
or more users (150) under the control of a portable
security device (120) held by the, or each, user, in
a system comprising: a server (130) for performing
public key processing using the private key, in which
system the server (130) is adapted for data commu-
nication with the portable security device (120);

characterised by the steps of

(a) storing in the server, or providing the server
with access to, the private key for the, or each,
user in encrypted form only, the private key be-
ing encrypted with a key encrypting key (KEYa;
KOWFa; KEK1a + RN1a);

(b) storing or generating in the security device
the key encrypting key and providing the key
encrypting key to the server (130) in a manner
such that at least the key encrypting key is se-
cure in communication to the server;
and,

in a secure environment in the server (130)

(c) receiving a message to be processed spec-
ified by the user;

(d) retrieving the encrypted private key for the
user;

(e) verifying that the message was that speci-
fied by the user;

(f) decrypting the private key using the key en-
crypting key;

(g) performing the public key processing for the
message using the decrypted private key; and

(h) deleting the decrypted private key and the
key encrypting key after use.